I just installed AIDE. After I run an update (reseting the database) and rescan it without changing any files, I get a fairly long log.

Of course this makes sense when you look at the file types, they are mostly devices under /dev (/dev/.udev/...)

The computer is a web-server and I teaching myself as I go... I think i can figure out how to change the configuration file but are unsure what the best practice is. So my question is - What do other AIDE users with more experience do with their config files? Do you look for only added files under /dev, all changes, or something else. It seems that ignoring the whole /dev directory just give someone a place to hide things...

I am also wondering what people recommend for the cron job I plan to run every 24 hours. At first glance it seems like making a new user and group to run AIDE is the way to go. But then it seems like root needs to run it so it can see all the files on the system. Any thoughts?